November 06, 2015

What actually constitutes negligence by failing to take “reasonable efforts?” It appears to have been a SQL injection that led to TalkTalk being breached as well as the JP Morgan Chase Corporate Challenge website. Yet “SQLi has been listed on the industry standard OWASP Top 10 for more than a decade. Should TalkTalk or the third-party contractor who built and managed JP Morgan’s site be liable for not finding such a common, well-known vulnerability?” ... Companies with “a dedicated CISO detected more security incidents and reported lower average financial losses per incident,” so should we “assume that a company that does not have a CISO is not making a reasonable effort to secure data?”

“Developers will gain access to .NET technologies across Red Hat offerings, giving developers the ability to build applications and include .NET services,” Paul Cormier, Red Hat executive vice president and president, Products and Technologies, said in a briefing. He called the partnership a “powerful win for the enterprise customer.” “I think everyone knows that there is no doubt now that Linux is a key part of enterprise computing today,” Cormier said. With “cloud at the center of Microsoft’s strategy going forward,” the company sees its capabilities around hybrid cloud as a differentiation in the market, Scott Guthrie, EVP of the cloud and enterprise group at Microsoft, said.

If you are a Big Data enthusiast or a technologist ramping up (or scratching your head), it is important to spend some serious time deeply understanding the architecture of key systems to appreciate its evolution. Understanding the architectural components and subtleties would also help you choose and apply the appropriate technology for your use case. In my journey over the last few years, some literature has helped me become a better educated data professional. My goal here is to not only share the literature but consequently also use the opportunity to put some sanity into the labyrinth of open source systems. One caution: most of the reference literature included is hugely skewed towards deep architecture overview (in most cases original research papers) rather than simply providing you with a basic overview.

Microsoft has made it clear that it will take on a greater role in managing the Windows update process with Windows 10. The company has also made it clear that it will aggressively push users -- both consumers and businesses -- to upgrade from Windows 7 and Windows 8 to its latest OS. With that in mind, it's hard to imagine either predecessor hanging around anywhere near as long as Windows XP. The decision to not only push updates out, but also ensure that all Windows 10 devices receive them in a timely fashion, fits well with the concept of Windows as a service. The change may even go unnoticed by many consumers. IT departments, however, are keenly aware of this shift -- and many aren't happy about it.

"Compare it to the development of previous computing platforms, like phones and computers, I think the first smartphones came out in 2003," he said. "In the first year, I think BlackBerry and Palm Treo were the initial smartphones that came out. I think they each sold in the hundreds of thousands of units. So just to kind of give a sense of the time frame that we're thinking about this and how we expect this to develop, that's how we're thinking." Schroepfer also believes that VR headsets will grow to be as popular as phones are today but that it's important not to mislead people on the rate of adoption. "I'm incredibly bullish on VR but it's a brand new platform and it will take a while to develop.

This paper reviews some ingredients of the current “Data Science moment”, including recent commentary about data science in the popular media, and about how/whether Data Science is really different from Statistics. The now-contemplated field of Data Science amounts to a superset of the fields of statistics and machine learning which adds some technology for ‘scaling up’ to ‘big data’. This chosen superset is motivated by commercial rather than intellectual developments. ... Because all of science itself will soon become data that can be mined, the imminent revolution in Data Science is not about mere ‘scaling up’, but instead the emergence of scientific studies of data analysis science-wide. In the future, we will be able to predict how a proposal to change data analysis workflows would impact the validity of data analysis across all of science, even predicting the impacts field-by-field.

Safe Harbor was simple for European companies to implement, as all they had to do was contract with a U.S. data processor registered under the agreement. It was the responsibility of the U.S. company to ensure compliance. The alternative mechanisms provided for in the EU's 1995 Data Protection Directive -- standard contract clauses, binding corporate rules, or obtaining the informed consent of the person whose data is transferred -- put the responsibility squarely on the company at the origin of the transfer. "Whatever they choose, they must be able to prove that the protection is in place, that they guarantee the protection of data transferred to the U.S. This is especially a challenge for SMEs," Jourová said.

Innovative data architects and vendors realize that semantics is the key to bringing context and meaning to our information so we can extract those much-needed business insights, at scale, and more importantly, personalized. Data relevance has always mattered. In today's hyperclimate, where customer and business success is measured in seconds and minutes, data relevance is measured in microseconds. Results of data relevance, or the lack of it, can be magnified. Think about the reaction to a retailer's stock and reputation when there is a security breach of customer credit cards. Consider how an ill-thought-out tweet by an executive of a clothing company alienates customers, bringing down sales and revenue as it speeds across social media and the news.

Prestridge notes that (despite the noteworthy hacks lately) the automotive industry has been working on security for years, as has the medical and aerospace industry. ... Prestridge outlines the challenge: “Functional safety-certified tools aren’t enough; code analysis tools (both static and runtime) can help ferret out potential security issues by spotting things like the classic buffer overrun exploit before the design gets in the field. By using code analysis tools, developers can prevent these problems before they ever get checked into a build. And by selecting a pre-certified tool that has already been quality-tested by an independent third-party organization specialized on safety requirements, entire companies can save valuable time and money.”

Box understood this early on, and has made headway in the enterprise market. Dropbox focused on growth before revenue, then launched Dropbox for Business in 2013. Now, it finds itself trying to bring more paying customers to its expansive, under-monetized user base of 400 million individuals and 8 million businesses. ... Dropbox Enterprise represents a new tier in the Dropbox Business offering. It adds deployment tools to help IT administrators rapidly migrate and create accounts. It offers domain controls to give administrators insight into personal Dropbox usage on corporate domains. It allows for collaboration visibility to provide IT with oversight of Dropbox files shared with external personnel. It also provides unrestricted access to the Dropbox API for integrating the service with existing IT systems, as well as access to a customer manager for assistance.

Quote for the day:

"In conclusion, IT has come a long way in India, today we're a nation of a connected billion. How do we use this connectivity going forward?" -- @Sampitroda